From 645e5b33833ea5c9de1f4aa1d2de6062b5e806d0 Mon Sep 17 00:00:00 2001 From: Benno Evers Date: Mon, 23 Aug 2021 14:01:27 +0200 Subject: [PATCH 1/3] Correctly validate 'apps.misp.api.*' config settings The 'apps.misp.api' key is optional, but the code used to assume that if it is present, then all three of the subkeys 'api.host', 'api.ssl' and 'api.key' are also present. We now validate that this is indeed the case. --- config.yaml.example | 2 +- .../apps/threatbus_misp/threatbus_misp/plugin.py | 13 ++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/config.yaml.example b/config.yaml.example index 2dd63a2b..8dc5f95a 100644 --- a/config.yaml.example +++ b/config.yaml.example @@ -42,7 +42,7 @@ plugins: module_namespace: Tenzir # Requires the 'threatbus-misp' package to be installed misp: - api: # Optional + api: # Optional. If present, all of 'host', 'ssl', 'key' are required. host: https://localhost ssl: false key: MISP_API_KEY diff --git a/plugins/apps/threatbus_misp/threatbus_misp/plugin.py b/plugins/apps/threatbus_misp/threatbus_misp/plugin.py index 4e9a02c3..94fd1f88 100644 --- a/plugins/apps/threatbus_misp/threatbus_misp/plugin.py +++ b/plugins/apps/threatbus_misp/threatbus_misp/plugin.py @@ -222,16 +222,23 @@ def config_validators() -> List[Validator]: "operations": "Either configure the MISP plugin to use ZeroMQ or Kafka, but not both." }, ) + api_is_present = Validator(f"plugins.apps.{plugin_name}.api", required=True) return [ Validator( f"plugins.apps.{plugin_name}.filter", is_type_of=list, default=[], ), + # TODO Validator( - f"plugins.apps.{plugin_name}.api", - is_type_of=dict, - default={}, + f"plugins.apps.{plugin_name}.api.host", + f"plugins.apps.{plugin_name}.api.ssl", + f"plugins.apps.{plugin_name}.api.key", + when=Validator(f"plugins.apps.{plugin_name}.api", must_exist=True), + required=True, + messages={ + "must_exist_true": "All of 'api.host', 'api.ssl', and 'api.key' must be defined when the 'api' key exists" + }, ), zmq_kafka_mut_exclusive_validator, zmq_validator, From 53b78670f2da3c4a185d91cd90109af9e0ba03b8 Mon Sep 17 00:00:00 2001 From: Benno Evers Date: Mon, 23 Aug 2021 14:05:49 +0200 Subject: [PATCH 2/3] Add changelog entry --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7911b77f..2003ed9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,9 @@ Every entry has a category for which we use the following visual abbreviations: address some limitations in the configuration framework. [#157](https://github.com/tenzir/threatbus/pull/157) +- 🐞 Fixed config validation for the 'apps.misp.api' setting. + [#161](https://github.com/tenzir/threatbus/pull/161) + ## [2021.07.29] - 🐞 Threatbus now only attempts to load plugins that are explicitly From 6e1ae08f2e5d0751efd83febee47f482a7d6966a Mon Sep 17 00:00:00 2001 From: Benno Evers Date: Mon, 23 Aug 2021 16:38:01 +0200 Subject: [PATCH 3/3] Integrate review feedback --- plugins/apps/threatbus_misp/threatbus_misp/plugin.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/plugins/apps/threatbus_misp/threatbus_misp/plugin.py b/plugins/apps/threatbus_misp/threatbus_misp/plugin.py index 94fd1f88..11d3324b 100644 --- a/plugins/apps/threatbus_misp/threatbus_misp/plugin.py +++ b/plugins/apps/threatbus_misp/threatbus_misp/plugin.py @@ -222,14 +222,13 @@ def config_validators() -> List[Validator]: "operations": "Either configure the MISP plugin to use ZeroMQ or Kafka, but not both." }, ) - api_is_present = Validator(f"plugins.apps.{plugin_name}.api", required=True) return [ Validator( f"plugins.apps.{plugin_name}.filter", is_type_of=list, default=[], ), - # TODO + # TODO: Allow default values for 'host' and 'ssl'. Validator( f"plugins.apps.{plugin_name}.api.host", f"plugins.apps.{plugin_name}.api.ssl",